Saturday, January 29, 2005

Lawsuit against Arab Bank

Here's another good reason for financial institutions to have strong anti-money laundering policies and procedures in place - litigation. This Bloombergstory details the lawsuit filed in federal court in Brooklyn by the families of 30 bombing victims against Arab Bank. [Coulter v. Arab Bank, CV-05-365]The lawsuit claims that a "Saudi charity that has collected more than $100 million for Palestinians made payments to the relatives of suicide bombers through Arab Bank Plc." However, Arab Bank's attorney says that the banks "compliance procedures to block suspect transactions are significantly greater in the region than are required locally," and denies that the bank had any part in funding the terrorist.

JACK would be a good name for this group

Celebrity jeweler Katherine Baumann is fighting mad ... against counterfeiters, according to this Jewelers' Circular Keystonearticle. Having successfully "defended her brand name and original jewelry-studded handbag designs against infringers," she is now spearheading the "formation of a new national coalition focused solely on protecting the intellectual property rights of U.S. jewelry designers and manufacturers." Here's my 2 cents on what the new group should be called: JACK - "Jewlers Against Counterfeits and Knock-Offs" (please, no suggestions to include the word "off" in my proposed acronym : ))

So, those little old non-compete agreements you signed when you first joined the company can really have some teeth behind them. Here's how Ohio views them.With respect to non-compete agreements, the Ohio Supreme Court holds the following:

We hold that a covenant not to compete which imposes unreasonable restrictions upon an employee will be enforced to the extent necessary to protect the employer's legitimate interests. A covenant restraining an employee from competing with his former employer upon termination of employment is reasonable if it is no greater than is required for the protection of the employer, does not impose undue hardship on the employee, and is not injurious to the public. Courts are empowered to modify or amend employment agreements to achieve such results. Raimonde v. VanVlerah (1975), 42 Ohio St.2d 21, 325 N.E.2d 544.

Riggs Bank N.A. will plead guilty to a single count of failing to file timely and/or accurate Suspicious Activity Reports as required by the Bank Secrecy Act and its implementing regulations. Riggs Bank N.A. will pay a $16 million fine to federal authorities, and has agreed to a five-year period of corporate probation, which will terminate immediately upon the closing of a sale of Riggs National Corporation or Riggs Bank N.A. or any other change of control transaction.

The guilty plea is in connection with Riggs' repeated and systemic failure accurately to report suspicious monetary transactions associated with bank accounts owned and controlled by Augusto Pinochet of Chile and by the government of Equatorial Guinea. ... United States Attorney [Kenneth L.] Wainstein stated, "Riggs Bank was legally obligated to take steps to ensure that its services would not be used for illegal purposes. Despite numerous warnings from regulators, Riggs courted customers who were a high risk for money laundering and helped them shield their financial transactions from scrutiny. This long-term and systemic misconduct was more than simply blind neglect; it was a criminal breach of the banking laws that protect our financial system from exploitation by terrorists, narcotics dealers and other criminals. We welcome the bank's decision to accept responsibility, to implement internal processes to prevent future such violations, and to cooperate fully with our ongoing investigation."

"The sound business practice of ‘knowing your customers' (PDF) applies particularly to banks and financial institutions, which have an obligation under the law to report suspicious financial transactions that indicate evidence of money laundering or other illegal activity," said Assistant Attorney General Wray. "Such scrutiny is especially important where the customer is a high-profile foreign political figure. U.S. financial institutions must not serve as havens for funds looted from foreign countries, and institutions with weak compliance programs must not be rewarded for their lack of vigilance."

Note the broad use of the phrase "know your customer" by US Attorney Wainstein. In the press release he's talking about knowing your customers in general, as a good business practice for AML compliance. Given the facts surrounding the case, he does not appear to be referring to Section 326 of the Patriot Act.

Section 326 of the PATRIOT Act [Verification of Identification—more commonly referred to as "Know Your Customer"] requires each financial institution-including banks, savings associations, and credit unions-to have a Customer Identification Program (CIP) that describes processes the financial institution will follow to (i) verify the identity of new accountholders, (ii) ensure that the institution has a reasonable belief that it knows each customer's identity, and (iii) compare the names of new customers against government lists of known or suspected terrorists or terrorist organizations.

Watch these guys for future IP infringement suits

Warning to TomorrowNow and its customers, Oracle is wathcing. TomorrowNow is a third party maintenance provider of PeopleSoft software. PeopleSoft is now a part of Oracle. And TomorrowNow was just bought by SAP, Oracle's bitter rival.According to an eWeekarticle:

The intent of the acquisition is to provide maintenance support for users of applications by PeopleSoft and J.D. Edwards & Co., which PeopleSoft acquired last year, while they migrate to SAP. (emphasis added)

The next paragraph quotes Oracle founder Larry Ellison:

"SAP has every right to provide support for PeopleSoft applications as long as they don't violate our intellectual and contractual property rights," Ellison said, in measured tones. "It might make it awkward for them. That's our intellectual property, and they should be cautious."

Wednesday, January 26, 2005

Two Sides of Outsourcing

MIT's Technology Review describes the two sides of outsourcing. The article asks, with so many Silicon Valley start-ups, engineers, and venture capitalists tracing their roots to India, why doesn't India have a booming high-tech industry of it's own. Some speculate that India's outsoursing industry is too busy serving the needs of its well paying foreign clients that they don't have the time or capital to develop their own technology. However, outsourcing can have indirect benefits. The article points to the experience of Ittiam Systems. India's outsourcing experience gives people confidence and experience to venture out on their own and is gradually changing India's culture to where entrepreneurs are no longer viewed as loners who couldn’t hold down regular jobs.Speaking of India and outsourcing: Peter McLaughlin will be chairing the "Competition in Licensing Models" forum at the CLA First International Asian Conference in Bangalore, India.

While it would not prevent all spyware, anti-virus and anti-spyware companies should use a network of PCs to browse sites automatically. Any registry changes or files created or changed or read outside of temp directories would trigger a listing in a black-hole list of sites that install spyware without asking. Spyware addon to browsers would warn end users that site had spyware and block it totaly or simply warn them, depending on settings of spyware blocking addon.

Member GDF says that the solution is unfortunately impractical:

I don't think your solution is practical. Too much spyware is coming from popups, on-page advertising, and other sources the target site has no control over.

The primers are "in process" with more topics to come, so make sure to check the IOSN site frequently.

The IOSN is an initiative of the United Nations Development Programme's ("UNDP"), Asia Pacific Development Information Programme ("APDIP"), and supported by the International Development Research Centre ("IDRC") of Canada.

VSDA argued that courts should not turn a "blind eye" to the rampant copyright infringement that occurs over peer-to-peer file swapping services. VSDA's position supported its call for the Supreme Court to reverse the decision of the U.S. Court of Appeals for the Ninth Circuit in the MGM Studios v. Grokster (PDF) case.

Spyware url list

My previous Spyware on Blogspot? post got me thinking. Would it be too difficult for there to be a list of known url's that load spyware. This list could then be loaded in the Restricted Site zone in Internet Explorer. People can submit suspected sites to a central repository, who could then investigate. If a site proves to be one that loads spyware, then it could be added to the list. Users could then download the list and upload the list to the Restricted Site zone. Simplistic? Too cumbersome? Already done? Let me know.

Spyware on Blogspot?

If you look to the upper right hand corner of this webpage, you will see an icon to go to the "next blog." Clicking on this icon will take you to a randomly selected Blogger blog. Yesterday I was surfing the web on my home computer and hit the "next blog" icon a few times to see what's out there. One of the hits was nana***.blogspot.com (the actual name has numbers in place of the astisks). Pop-ups immediately appeared on my computer immediately after I visited the nana blog, even though I have a pop-up blocker installed. I started getting messages about system resources, etc. I immediately closed all of my browsers, but it was too late. When I re-opened my browser it went to a different home page. My computer was hijacked!Sure enough, Ad-aware (from lavasoft) indicated that my computer had been infected with the Search Miracle/Elite Bar virus.I sent Blogger an e-mail to investigate. I will post their response. In the meantime, I will not be clicking on the "next blog" icon in the near future.

Saturday, January 22, 2005

Is Indemnification Microsoft's Savior?

In the ongoing platform wars, it's not always enough to have a superior operating system or better technical support on your side. Increasingly, giving customers a more thorough intellectual property (IP) indemnification policy, and backing that with a gaggle of lawyers, is the key to winning over customers. This is an important area where Microsoft has held an advantage over Linux, its key competition in the entry and midsized server space. But how long will the advantage last?

The Yankee Group advises all companies to thoroughly review the terms and conditions of their existing and proposed licensing contracts. This report provides recommendations for important checkpoints to help you get the strong intellectual-property protection you need.

Indemnification is a big-ticket item that is included as a standard component in proprietary software licensing contracts. That is not the case with Linux, where indemnification is limited or lacking altogether. The necessity of having to purchase outside indemnification for Linux could negate the perceived savings of the so-called "free" Linux licenses over Microsoft's proprietary Windows.

Friday, January 21, 2005

Gartner News Analysis on IBM's Open Source Move

On January 11, 2005, IBM "pledged open access to key innovations covered by 500 IBM software patents to individuals and groups working on open source software." (Press Release, List of Pledged Patents (PDF))

The pledge is applicable to any individual, community, or company working on or using software that meets the Open Source Initiative (OSI) definition of open source software now or in the future.

IBM intends for this pledge to form the basis of an industry-wide "patent commons" in which patents are used to establish a platform for further innovations in areas of broad interest to information technology developers and users.

Gartnerviews the move as lending "long-term viability to the principles of open source, encourages open-source innovation by smaller and startup independent software vendors." Additionally, "IBM's latest move puts new pressure on Microsoft - indirectly casting it as a proprietary alternative to the industry's open-software movement."

By referring to the OSI, IBM casts it as the definitive open-source organization.

The move is reminiscent of Novell'sannouncement last October to "utilize its patent portfolio to defend against potential intellectual property attacks by others on its open source products." Novell said that this Patent Policy "serves to reassure customers that they can choose open source solutions with confidence, knowing they have strong backing from Novell on patent issues."One commentator wonders whether Novell's Patent Policy is a "Maginot Line."

BITS IT Service Providers Expectations Matrix

The BITS IT Service Provider Expectations Matrix was created to promote a common understanding among interested parties of the financial services industry’s needs related to information technology practices, processes and controls. By providing financial institutions, service providers, and audit and assessment organizations with a comprehensive set of expectations, the Expectations Matrix helps financial services companies to identify risks and comply with regulatory requirements, as well as to eliminate gaps in the audit and assessment processes.

BITS is a nonprofit industry consortium whose goal is to foster the growth and development of electronic financial services and e-commerce for the benefit of financial institutions and their customers.Other BITS papers, presentations and guidelines available for download here.

[Linda] Hamel [general counsel for the Information Technology Division in Massachusetts] pointed out the common misconception that the general public license or GPL is the open source license. Not so. "The GPL is the most common license for all open source software, but it is not the most common license for the most commonly used open source software," she explained. While the differences between GPL and other types of open source licenses are complex, she urged the audience to spend time familiarizing themselves with the issues and risks that can occur should a government enter the field as an open source software developer. As just one example, she pointed out that states, unlike commercial software firms, cannot give 3rd party intellectual property infringement indemnification. Bottom line: make sure your jurisdiction's general counsel is well grounded in the nuances of open source licensing and it's impact on proprietary software licenses.

Remember OFAC when publishing material

Related to my previous al Qaeda book post, OFAC recently issued a new rule (PDF) clarifying the extent to which publishing activities with persons in Cuba, Iran and Sudan are authorized, notwithstanding the U.S. embargoes against those countries.

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) today issued a new rule clarifying the extent to which publishing activities with persons in Cuba, Iran and Sudan are authorized, notwithstanding the U.S. embargoes against those countries. Today's action addresses a series of issues that have come to the attention of the Treasury during the past year.

"OFAC's previous guidance was interpreted by some as discouraging the publication of dissident speech from within these oppressive regimes. That is the opposite of what we want," said Stuart Levey, the Treasury's Under Secretary for the Office of Terrorism and Financial Intelligence (TFI). "This new policy will ensure those dissident voices and others will be heard without undermining our sanctions policy."

The new rule enables U.S. persons to freely engage in most ordinary publishing activities with persons in Cuba, Iran and Sudan, while maintaining restrictions on certain interactions with the governments, government officials, and people acting on behalf of the governments of those countries. The rule entails the issuance of general licenses in the Cuban Assets Control Regulations, 31 CFR part 515, the Iranian Transactions Regulations, 31 CFR part 560, and the Sudanese Sanctions Regulations, 31 CFR part 538.

"Persons engaging in the activities authorized in the general licenses can do so without seeking permission from OFAC," said OFAC Director Robert Werner. "This rule provides clarity and promotes important policies aimed at the free exchange of ideas without undermining the national security objectives of these country sanctions."

Iran, Sudan, and Cuba are subject to U.S. sanctions under the International Emergency Economic Powers Act (IEEPA) and the Trading With the Enemy Act (TWEA) based on the threat they pose to the national security, foreign policy and economy of the United States. IEEPA and TWEA give the president the authority to impose sanctions in times of war or national emergency. These statutes are critical to U.S. interests with respect to dangerous regimes, terrorists, narcotics traffickers and the proliferation of weapons of mass destruction. Embargoes established under IEEPA and TWEA often prohibit persons under U.S. jurisdiction from providing goods or services to persons in sanctioned countries, unless authorized by OFAC.

Economic sanctions against foreign states and groups whose actions pose significant threats to the United States are an integral part of our overall national security policy. OFAC is charged with implementing and administering the U.S. Government's economic sanctions programs to effectively put pressure on those posing such threats, while promoting real and positive change.

For one historian, the critical issue is that the public will be able to see and read original documents for themselves. "It's crucial to understand the people you are interacting with, especially when the interaction has taken a violent path," said Lawrence W. Levine, a professor of history at George Mason University in Fairfax, Va.

The Copyright Act provides that copyright subsists in any original work of authorship that is fixed in tangible medium of expression. Originality means that the work was not copied from someone else and possesses at least a small amount of creativity. Does the work of translators and indexers meet the requirements for copyright? The matter has been debated among indexers and translators for years, and the answer may not be the same for translations as for indexes and may differ for various types of either. The Copyright Act actually mentions both translations and indexes. This column focuses on translations; next month’s will address the copyrightability of indexes. Translations are a derivative work, and only the copyright owner can authorize a translation that will be distributed. This envisions a work that is translated into another language and distributed in the parts of the world where that language is spoken. Derivative works are infringing if they are not created with the permission of the copyright holder. Thus, a work of fiction or a best-selling biography cannot be translated into French and distributed without the original author or copyright holder’s permission. If the author authorizes a French translation, the author owns the copyright in the translation since it is a work for hire. According to the statute, for a work for hire, the employing party is the author. In fact, the translator’s name may not even be revealed in the work.

I highly doubt that al Qaeda would sue. Nevertheless, just a little copyright nugget for one to ponder.

Privacy and Security Update - January 2005

Peter Hazelton has a new Privacy and Security Update. It is reproduced in its entirety below.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Privacy Statements Not Contracts, say Courts

Two federal District Courts recently ruled that an airline’s online privacy statement does not constitute a contract between the airline and a passenger. In a class action lawsuit against Northwest Airlines, passengers claimed that the airline had breached its online privacy statement by sharing passenger data from its web site with NASA. NASA had conducted a government study on airline security.

A North Dakota federal district court held, “[B]road statements of company policy do not generally give rise to contract claims.” In a similar lawsuit against Northwest Airlines, a Minnesota federal district court also ruled that an online privacy statement does not create a contract. As a result, the passengers could not claim that Northwest had breached a contract with them by allegedly violating its online privacy statement.

A privacy statement is meant to be a disclosure of the company’s privacy policies. Users are not asked to agree to the privacy statement. A web site user and web site owner form a contract when the user agrees to the web site’s terms of use.

Even if not liable for a breach of contract, companies that violate their own privacy statements face potential claims by government agencies like the FTC or similar state agencies for deceptive or misleading practices. They also must answer to federal, state, or
foreign governments for failing to comply with privacy laws.

Final FACT Act Rules on Consumer Data Disposal

The Federal Trade Commission and a group of federal financial regulatory agencies have each issued a final rule on the proper disposal of consumer report information, as required by the Fair and Accurate Transactions Act of 2003.

The rules require financial institutions to augment information security efforts to include policies on proper disposal of consumer information. The rules aim to reduce the potential for identity theft by protecting against unauthorized access to or use of consumer information.

The rules take effect in the summer of 2005. Even financial institutions with strong information security programs must follow the new standards on information disposal.

HIPAA Security Rule Compliance

Health care organizations spent significant time and effort preparing for compliance with the HIPAA Privacy Rule by its April, 2003 effective date. They have until next April to comply with the HIPAA Security Rule. The Security Rule requires health care organizations to protect the integrity, confidentiality, and availability of electronic patient information against security threats, improper use and disclosure, and illegitimate access.
The two regulations overlap, and health care organizations that comply with the Privacy Rule have already taken significant steps toward Security Rule compliance. These organizations have already examined carefully their collection, use, and disclosure of patient information and have prepared and implemented policies governing these processes. The Security Rule wraps these privacy processes in a cloak of safeguards.

In deference to constant changes in software and in security threats, the drafters of the Security Rule wisely authorize a flexible approach to compliance. The Rule allows organizations to consider their size, complexity, and capabilities when determining proper compliance. What is reasonable and appropriate for a physician’s office is not reasonable and appropriate for a large hospital.

If your organization had to comply with the HIPAA Privacy Rule, then you must also comply with the HIPAA Security Rule. Fortunately, you have already done much of the Security Rule legwork by complying with the Privacy Rule, and you already have at least some security safeguards.

Spyware Legislation

Spyware has become big news this year because it has wreaked havoc in infecting millions of computers nationwide. Congress and state legislatures have begun to act in response to this threat, but industry observers worry that an overbroad definition of spyware could harm makers and distributors of accepted, legitimate computer software.

Hijacking programs that take over your Web browser to direct you to a vendor’s products.

Existing laws on electronic communications and computer fraud are of limited use against spyware. As a result, Congress and the states have taken up the anti-spyware cause.

Utah passed the nation’s first anti-spyware law in March of this year. The law bans the installation on an individual’s computer of any "content based triggering mechanism" to display ads that obscure other Web content. A court blocked enforcement of this ground-breaking Utah law while it resolves a challenge that the law restricts interstate commerce and infringes on free speech.

California recently passed comprehensive anti-spyware legislation designed to prevent computer hijacking and collection of personal information. The law also forbids programs that prevent computer owners from blocking spyware installation or that mislead them about uninstalling or disabling the spyware.

In October, the U.S. House of Representatives passed both the SPY Act and the I SPY Act. Both bills prohibit deceptive spyware programs. The SPY Act imposes notice and consent provisions on software vendors. The I SPY Act imposes criminal penalties. The Senate’s SPYBLOCK Act passed out of committee and would forbid the installation of spyware programs without proper notice and consent. Each of these federal bills would preempt state spyware laws.

Ultimately, Congress did not pass any spyware legislation into law in 2004. The authors of both the SPY Act and the I SPY Act have re-introduced or will re-introduce these bills in the House. The SPYBLOCK Act or similar legislation will likely also be introduced in the Senate.

The extent of potential liability from these new and proposed anti-spyware laws is unclear. Software makers and distributors worry that provisions protecting them from liability for using legitimate applications that provide software or anti-virus updates might not prevent zealous regulators or prosecutors from pursuing makers or operators of legitimate software for alleged spyware violations. In addition, businesses or individuals might face legal liability even if they unwittingly send spyware in an otherwise mundane e-mail attachment.

Before a national consensus develops on which types of software and behavior are illegal, those who develop or transmit software programs can prepare for compliance by taking
into account any new laws, legislation under consideration, and court or regulatory decisions on alleged spyware law violations.

++++++++++++++++++

Peter M. Hazelton, Esq., M.H.A. has assisted corporate clients, both large and small, in complying with applicable U.S., state, and international laws on health care, online, international, and financial privacy and security. He has published articles and lectured nationally and locally on privacy, security, pharmaceutical, and other legal issues.

Mr. Hazelton has a Master of Health Administration degree in addition to his law degree.

This Privacy and Security Update is intended to provide information about important legal developments, not legal advice. Readers should consult legal counsel for advice about their specific circumstances.

IT Security - make sure you exersise due care

The trend in law is to hold organizations accountable for their own IT security weaknesses, warns Ben Wright, a Dallas-based attorney specializing in computer crime and a SANS instructor.

This is particularly the case (PDF) with Internet service providers, says Wright. For example, in 2003, a Maine court forced Verizon Communications Inc. to rebate many of its customers for outages experienced during the outbreak of the Slammer worm. Verizon had not "exercised due care" to protect against the Slammer worm, according to the court.

"Due care can be helpful if you can show a court that you did this," he says. "But the fundamental step is to have a written security policy, followed by logs that showed you followed the policy [during the incident]."

Wednesday, January 19, 2005

AML and OFAC

Under federal rules still being fine-tuned, she discovered, the Bin and Barrel -- like thousands of other businesses -- must have a written plan for foiling money-laundering terrorists. It also must have a "compliance officer'' to ensure the plan is heeded, train its employees to spot shady transactions and regularly audit its own performance.

(1) In general. - In order to guard against money laundering through financial institutions, each financial institution shall establish anti-money laundering programs, including, at a minimum -

(A) the development of internal policies, procedures, and controls;

(B) the designation of a compliance officer;

(C) an ongoing employee training program; and

(D) an independent audit function to test programs.

But, as the story says "that's not all"

While not widely known, the Bin and Barrel and every other U.S. business must steer clear of people on the government's 192-page list of "specially designated nationals,'' which has more than 5,000 names and is updated frequently. Otherwise, business people could face huge fines and a long stay in prison.

***

On Sept. 24 of that year, President Bush signed an executive order barring business dealings with anyone on the specially designated list, which includes the names and aliases of suspected terrorists, drug kingpins and their associates. Those failing to comply can be fined $10 million and jailed up to 10 years.

The list of blocked persons is maintained by the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC"). Keeping up to the list can be burdensom and costly. The article claims that the cost of software to match names against the list can cost between $1,000 and $100,000. And it's not foolproof. Let's hope the license agreement has a good indemnification clause, from the licensee's perspective : )

Public Domain Film

Rick Prelinger and The Internet Archive hereby offer these public domain films from Prelinger Archives to all for free downloading and reuse. You are warmly encouraged to download, use and reproduce these films in whole or in part, in any medium or market throughout the world. You are also warmly encouraged to share, exchange, redistribute, transfer and copy these films, and especially encouraged to do so for free. Any derivative works that you produce using these films are yours to perform, publish, reproduce, sell, or distribute in any way you wish without any limitations. Further information on works from Prelinger Archives can be found here. Questions should be directed to Rick Prelinger at Prelinger Archives, PO Box 590622, San Francisco, CA 94159-0622 USA.

Open Source and something called Pandora's Box

The Boston Globe 12/29/04 story: "Business users worry that open-source could mean open season for lawyers." Pay for the article here. International Herald Tribune has the story here for free (at least for now).

The improper use of open-source components, in the worst-case scenario, could subject companies to costly litigation from parties like SCO Group of Lindon, Utah. ... "It's almost like you've got to be a lawyer now to develop software," said Jothy Rosenberg, chief executive and chief technical officer of Service Integrity, who this month ordered a 24-hour scanning of his company's Sift 3.5 software during a "code freeze" before its introduction. "In this day and age, anybody building a commercial piece of software has got to do this. It's like buying insurance on your building."

And here's something to consider:

Some liken it to the Sarbanes-Oxley (PDF) financial reporting requirements that have rattled executives at publicly traded companies. And the problems are related, in that Sarbanes-Oxley requires public companies to value their software and assess their litigation risks.

Third, and perhaps most importantly, the executives of American companies in violation of the GPL are themselves in likely violation of the Sarbanes-Oxley Act, which governs the disclosure of information to shareholders and the public. If the CEO of a corporation says that the corporation owns its assets, but that corporation is violating the GPL, that CEO can go to jail.

The open-source advocates have been able to maintain the thousand-monkey argument largely because the opinion was widely held that open-source software benefits from lots of volunteers and is therefore more secure than proprietary closed-source software. But Enron, and particularly Sarbanes-Oxley, has turned this notion on its head with a vengeance. I've been getting e-mail from CIOs that indicates they are increasingly becoming aware that open-source software might not pass any security audits designed to comply with Sarbanes-Oxley.

That is because, in an audit, you have to be able to certify every part of an application. If there is even a chance that someone who has not been properly qualified touched a financial application or the platform on which that application resides, IT will fail the audit. Corporate boards are motivated to take draconian measures when this happens to protect their own assets.

Federal Court Ruling Eases Bank Insurance Sales

The U.S. District Court in Boston issued a declaratory judgment Wednesday in favor of banks that sought an end to state rules placing various procedural roadblocks that limited the way banks could sell insurance.

MBA challenged "four provisions of Massachusetts law, which they have labeled as the Referral Prohibition, the Referral Fee Prohibition, the Waiting Period Restriction, and the Separation Restriction. The Referral Provision, Mass. Gen. Laws ch. 167F, Sec. 2A(b)(2), allows officers, tellers, and other bank employees who are not licensed insurance agents to refer a bank customer to a licensed insurance agent only when the customer inquires about insurance." One of the Plaintiffs, Banknorth, N.A. has 360 branches in six northeastern states, including 121 Massachusetts branches. During the first six months of 2003, Banknorth did not refer a single Massachusetts customer to its insurance affiliates. By comparison, the Maine, New Hampshire, and Vermont branches referred 4,200 customer, 2,016 customers, and 1,522 customers, respectively, to their insurance affiliates.The court said:

The dismmal number of referrals is clearly a result of the statutory structural impediments to cross marketing insurance products, which include the requirement that any solicitation attempt must capriciously rely on the customer initiating the inquiry.

The court examined the other provisions as well.In the end, the court ruled that the GBLA preempts the Massachusetts provisions because they seriously impede the plaintiffs' ability to solicit, cross market, and sell insurance products.

Tuesday, January 18, 2005

Don't use a money transmitter that operates out of his car

According to a The Gazettestory, the Maryland Department of Labor, Licensing & Regulation ("DLLR") warned its residents to use only licensed money transmitters (IRS faq) when sending money to family and friends in other countries.

Legitimate money transmitters must display their Maryland license on the premises and show it to the customer if requested. The department warns residents not to do business with anyone working out of a car, parking lot and apartment or home that does not appear to be a legitimate business.

Ciena sues Nortel for patent infringement

Ciena Corp. said Tuesday it had filed a patent-infringement suit against Nortel Networks in U.S. District Court.The suit centers on six patents covering equipment that moves voice and data traffic over long distances and stems from Linthicum-based Ciena's 2002 acquisition of Optical Networks Inc., or ONI, for $400 million.

Copyright blamed for killing culture

As Americans commemorate Martin Luther King Jr. and his legacy today, no television channel will be broadcasting the documentary series Eyes on the Prize. Produced in the 1980s and widely considered the most important encapsulation of the American civil-rights movement on video, the documentary series can no longer be broadcast or sold anywhere.

Why?

The makers of the series no longer have permission for the archival footage they previously used of such key events as the historic protest marches or the confrontations with Southern police. Given Eyes on the Prize's tight budget, typical of any documentary, its filmmakers could barely afford the minimum five-year rights for use of the clips. That permission has long since expired, and the $250,000 to $500,000 needed to clear the numerous copyrights involved is proving too expensive.

Monday, January 17, 2005

It's Ambush Marketing Time

I was driving into work this morning listening to Mike & Mike on 1460 The Fan when I heard a commercial for Beef O'Brady's.One guy was taking about getting food from Beef's for the "Big Bowl." The second guy feigned ingnorance about what the first guy was talking about. The first guy was talking about the Super Bowl.So what's the fuss? Well, this is the first example of "ambush marketing" I've heard for this year's Super Bowl. Go Pats!According to BrandChannel.com, ambush marketing "occurs when one brand pays to become an official sponsor of an event (most often athletic) and another competing brand attempts to cleverly connect itself with the event, without paying the sponsorship fee and, more frustratingly, without breaking any laws."Here's (PDF) a short guideline on the do's and don'ts of "Super Bowl" advertising from Leventhal Senter & Lerman.

Today the Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) request with the FBI and other offices of the US Department of Justice, seeking the release of documents that would reveal whether the government has been using the USA PATRIOT Act (PDF) to spy on Internet users' reading habits without a search warrant.

Friday, January 14, 2005

UPenn and HIPAA Security

The University of Pennsylvania recently announced that it's undertaking "an initiative to ensure that all Schools and Centers that handle health information will be in compliance with the Security Rule of the United States’ Health Insurance Portability and Accountability Act of 1996 (HIPAA) by April 21, 2005. Closely related to the HIPAA Privacy Rule (2003) governing the use and disclosure of individually identifiable health information, the Security Rule is largely, but not exclusively, a technology-oriented rule, intended to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI)."

Blogger Legal Defense

The Media Bloggers Association recently announced "the appointment of Ronald D. Coleman, of the Coleman Law Firm, PC as general counsel. Coleman will be build a team of attorney around the country to provide MBA members with first-line counsel on matters relating to the use of intellectual property, defamation and other issues arising from their weblogging."Hat tip, Dan Gillmor

Turning Customer Ideas to Innovation

Most successful product innovation requires imaginative insights and incisive action from heroes in the lab and in marketing. Indeed, whether it was wizards in Menlo Park or Xerox PARC who came up with the concepts, the most effective product development and commercialization processes have always been based on a dynamic and complex exchange of ideas and interests among engineers, marketing experts, and, most importantly, the end-consumer.

Thursday, January 13, 2005

Query Letters I Love

There's this blog called Query Letters I Love that reprints excerpts of unsolicited (?) query letters to an anonymous movie executive. Rather than print query letters from blockbuster hits, the letters are for arguably bad movie plots, such as movies for evil midgets, varsity demon cheerleaders, and my personal favorite, Zombie Lawyers.In between laughing at some of the ridiculous plot lines, I did have a serious thought as to the liability this guy has for posting the query letters. Perhaps the writer could claim copyright infringement or breach of contract/confidentiality. Maybe the writer will send Google'scopyright agent (PDF) a DMCA takedown request (interestingly Blogger has not designated a copyright agent with the US Copyright Office). Hopefully, the writer will take the author of the blog's advice: "if one of these is your query, have a sense of humor, will ya? You're gonna need it in this town."

While the fine is newsworthy by itself, it looks like the court is releasing information that PWC claims to be their trade secret.

Magistrate Patricia Hemann's recommendation isn't new. She issued her report in July, but Pricewaterhouse persuaded the court to keep it under seal, arguing it revealed trade secrets about the firm.

Judge Kathleen O'Malley, who will make the final ruling in the cases, disagreed with Pricewaterhouse and put Hemann's report back on the public docket on Tuesday. O'Malley can adopt the recommendations in whole or in part or can come to her own conclusions.

...

At one point, Pricewaterhouse said it had produced more than 55,000 documents, along with indexes, to comply with Telxon's requests. The firm initially balked at handing over its electronic databases because it said they contained trade secrets.

You would think that PWC's competitors are scurring over to Pacer to download the report. It's document No. 204 from the docket sheet.

FTC Sues Adult Spammers

The Federal Trade Commission has charged a network of corporations and individuals with using spam to sell access to online pornography. The FTC alleges that the defendants, acting as a single business enterprise, barraged consumers with e-mails containing sexually-explicit content without the required warning label. Four of the individual defendants controlled a network of corporations that own and operate the Web sites, payment systems, and servers used to distribute and to sell sexually-explicit content. The network also marketed its sexually-explicit content through an affiliate program that pays commissions to third parties who drive traffic to the network’s Web sites. Through this operation, the FTC alleges that the defendants violated the Adult Labeling Rule, the CAN-SPAM Act, and the FTC Act. A federal district court has issued a temporary restraining order (TRO) against the defendants. The TRO prohibits defendants from engaging in the deceptive practices and freezes the defendants’ assets, pending a preliminary hearing.

Will Bush File a Brief?

The Wall Street Journal has an opinion (paid subscription required) speculating whether the Bush administration will file a brief in an upcoming US Supreme Court case concerning eminent domain, Kelo v. New London. "The Kelo case, which is scheduled to be argued before the Supreme Court on February 22, also involves developer-driven encroachment. A Connecticut developer in cahoots with local officials and Pfizer is seeking to raze more than a dozen homes and small businesses."It seems that the Bush administration is considering filing a brief against the property owners. This would seem to go against his campaign promise of building "an ownership society, because ownership brings security, and dignity, and independence."The National Taxpayer's Union urges the administration to protect Americans' property rights.

Saturday, January 08, 2005

Equal Opportunity Infringer

It appears that the copyright infringement problems in Taiwan and China is not limited to the US entertainment industry. The Korea Times reports on the copyright problems Korean entertainment companies face in Taiwan and China.

One strategy, by boy band Shinhwa, is to focus their music and promotional efforts in Japan, rather than Taiwan or China. Japan is precieved to have less of an infringement problem.

Another strategy, by SM Entertainment, is to work with entertainment companies based in Taiwan and China and to encourage people to buy authentic products.

At issue are paintings and white T-shirts that feature the image of a blue dog lounging inside a martini glass, all sold recently at Putman's gallery, which is down the block from Rodrigue's Royal Street studio.

The lawsuit, filed Dec. 17 in U.S. District Court, says that Putman and the two artists infringed on Rodrigue's copyright by peddling the items featuring images "similar or virtually identical" to his Blue Dog, a yellow-eyed canine image that Rodrigue created 20 years ago.

Friday, January 07, 2005

Copyright, Tsunami and Video Blogs

The Wall Street Journal has a story about the rising popularity of Video Blogs (paid subscription required). It also illustrates the culture (and acceptability?) of the Internet in taking clips from others and posting it on your own blog.

Bloggers don't charge for access, but they haven't been paying for copyrighted footage, either. And bloggers seldom ask each other for permission. "The law really hasn't caught up," says Mr. Golson. "The rule of thumb is you can take stuff as long as you say where you got it from," and as long as you don't sell it, he adds.

Rule of Thumb? I'm not advocating a slew of copyright suits, but I don't think all copyright holders would find this rule of thumb acceptable.

However, the Rule of Thumb worked out for Mr. Tommy Lorensten from Sweeden. He was the one that shot the compelling video of the tsunami hitting Phuket where an elderly couple was overcome by a wave and where the spot Mr. Lorensten was once standing was suddenly 3-4 feet under water. Mr. Golson has the clip here.

After widspread circulation on the Internet, the rights to Mr. Lorensten video was sold to CNN, ABC News and others for a reported total of $20,000.00. Although, I'm not certain whether Mr. Lorensten saw any of that money, because the WSJ article seemed to imply that the rights were sold by Norway's Dagbladet newspaper. In that case, Mr. Lorensten might have a legitimate beef.

This web site provides general information about our firm for your convenience. This website and its content do not establish an attorney/client relationship between us. Information on the site is not legal advice.
Do not send confidential information to any of our lawyers without first obtaining our permission.